How Hackers of Submarine Cables May Be Held Liable Under the Law of the Sea
Submarine internet cables play a vital role in the modern economy and transmit almost all global internet connections between countries. These cables, however, are vulnerable to interference or hacking by foreign states who seek to obtain the valuable data that passes through them. Because these cables are located on the high seas, however, no country has legal jurisdiction over large portions of them allowing for any number of states or private actors to hack into them and steal valuable information. This Comment evaluates whether states have any legal recourse under public international law against entities that hack into submarine cables. To answer this question, this Comment explores the development of public international law with respect to the high seas and evaluates public international norms for hacking and cyber operations. This Comment then argues, given the weakness of current domestic regimes with respect to submarine cable protections, the International Tribunal of the Law of the Sea can assert jurisdiction over disputes related to submarine hacking. This Comment further makes the novel argument that states can assert damage done to cables through hacking or violations of citizens’ rights to privacy through hacking present potential legal avenues to pursue liability against submarine hacking.
- I. Introduction
- II. Technical Primer on Hacking and Submarine Cables
- III. The Shifting Dialogue Around Submarine Cable Hacking
- IV. International Laws Regulating Submarine Cables
- V. International Norms With Respect to Hacking
- VI. The Lay of the Land of Current Scholarship
- VII. Using ITLOS to Trigger Dispute Resolution: Damage and Privacy Solutions for Hacking
- VIII. Conclusion
Contrary to popular belief, the global internet is largely comprised of a network of data cables linking states and continents and not satellite links propelling data through the air.1
See, generally Edward Malecki & Hu Wei, A Wired World: The Evolving Geography of Submarine Cables and the Shift to Asia, 99 Annals Ass’n Am. Geographers 360 (2009).
Greg Miller, Undersea Internet Cables are Surprisingly Vulnerable, Wired (Oct. 29, 2015), https://perma.cc/X53J-XMHA.
Submarine Cable Map, TeleGeography, https://perma.cc/S2SR-FL66(2021).
These undersea cables are only about the size of a garden hose but represent billions of dollars of productivity and information. If a ship were to drop anchor in the wrong location and sever a cable, internet service could be cut to an entire country.4
Chris Baynes, Entire Country Taken Offline for Two Days After Undersea Internet Cable Cut, Indep. (Apr 11, 2018), https://perma.cc/26LE-P6QD.
Tim Johnson McClatchy, Undersea Cables: Too Valuable to Leave Vulnerable, Gov’t Tech. (Dec. 12, 2017), https://perma.cc/AH3X-TPMX.
More insidiously, however, these cables are also at risk of hacking and intelligence gathering because so much data flows through them. States can use submarines to make small slits in submarine cables and insert listening and data collection devices.6
Christopher Drew, Divers Say Net Tied Submarine to Listening Device, N.Y. Times (Aug. 9, 2005), https://perma.cc/YXS8-ACXT.
Sophia Ankel, Russian Intelligence Agents Reportedly Went to Ireland to Inspect Undersea Cables, and It’s Reigniting Fears They Could Cut Them and Take Entire Countries Offline, Bus. Insider (Feb. 17, 2020), https://perma.cc/8CE7-V38L.
Doug Brake, Info. Tech. & Innovation Found., Submarine Cables: Critical Infrastructure for Global Communications (2019), https://perma.cc/8YQ8-T9TL.
Out of concern for this sort of hacking, in 2020 the U.S. blocked Google and Facebook from turning on a submarine cable linking the U.S. and Hong Kong.9
Anthony Spadafora, Google, Facebook Undersea Web Cable Will No Longer Connect US and Hong Kong, TechRadar (Aug. 31, 2020), https://perma.cc/U8YZ-FXXS.
Justin Sherman, The US-China Battle over the Internet Goes Under the Sea, Wired (June 24, 2020), https://perma.cc/5X8K-8FY4.
Ewen MacAskill, Julian Borger, Nick Hopkins, Nick Davis & James Ball, GCHQ Taps Fibre-optic Cables for Secret Access to the World’s Telecommunciations, The Guardian (June 21, 2013), https://perma.cc/4DGD-HRN5.
Barbara Starr, U.S. Sensors Detect Russian Submarines Near Underwater Cables, CNN (Oct. 28, 2015), https://perma.cc/RL96-QV9L.
Olga Khazan, The Creepy, Long-Standing Practice of Undersea Cable Tapping, The Atlantic (July 16, 2013), https://perma.cc/W8GY-F5R2.
As the world becomes increasingly interconnected and states increasingly rely on the internet economically, hacking into internet infrastructure becomes a greater threat. The U.S., for example, has undertaken expensive and extensive efforts to remove Huawei from its domestic telecommunication infrastructure to prevent the Chinese government from spying domestically.14
David McCabe, F.C.C. Designates Huawei and ZTE as National Security Threats, N.Y. Times (June 30, 2020), https://perma.cc/PW37-6Z2Y.
Tim Hornyak, Here’s What It Takes to Lay Google’s 9,000km Undersea Cable, ComputerWorld (July 13, 2015), https://perma.cc/EHL6-GSMX(approximately $300 million for a cable between the U.S. and Japan).
James Griffiths, The Global Internet Is Powered by Vast Undersea Cables. But They’re Vulnerable, CNN (July 26, 2019), https://perma.cc/3VJM-LQQD.
Even with such a large threat, there is an open question as to whether states can protect against submarine cable hacking. The fundamental question this Comment seeks to answer is whether states have any recourse or protections against submarine cable hacking by foreign states under public international law. This Comment argues the increasingly recognized international right to privacy can provide grounds for protecting against submarine cable hacking and that states can enforce this right through dispute resolution mechanisms for the high seas.
This Comment proceeds in five sections to develop this answer. Section II provides a brief overview of the technology behind submarine cables and the methods used in hacking these cables. Section III evaluates current attitudes in the international community with respect to submarine cable hacking and explains why norms around privacy, combined with the incredible resources required to protect cables from hacking, may lead to a shift in states’ treatment of submarine cable hacking.
Section IV explores the history of international treaties and conventions surrounding submarine cables and the high seas. Section V summarizes current public international law related to cyber operations and hacking and discusses the emergence of a newly recognized international right to privacy with respect to telecommunications and personal data. Section VI discusses current scholarly responses to submarine cable hacking to situate this Comment’s solution in present scholarship. And in Section VII, I propose a novel solution addressing the problem of submarine cable hacking using the international right to privacy adjudicated through dispute resolution mechanisms developed for the high seas. The use of the international right to privacy and this dispute resolution body is presently underdiscussed by scholars. This solution further advances the right to privacy as integral to protect against submarine cable hacking and describes how shifts in attitudes toward privacy may contribute to the creation of norms against surveillance hacking.
This Section describes the network of submarine cables that makes up the modern internet, the technical elements of modern submarine cable hacking techniques, and the possibility of damage by submarine cable hacking. This information is relevant to subsequent possible solutions around submarine cable hacking because international treaties require some protections against incidental or intentional damage to submarine cables, as discussed in Section IV.
Most of the internet is formed through a network of undersea submarine cables.17
Id.
Stewart Ash, The Development of Submarine Cables, in Submarine Cables: The Handbook of Law and Policy 19 (Douglas R. Burnett, Robert C. Beckman & Tara C. Davenport eds., 2014).
Klint Finley, How Google Is Cramming More Data into Its New Atlantic Cable, Wired (Apr. 5, 2019), https://perma.cc/D49P-23GW.
H.I. Sutton, How Russian Spy Submarines Can Interfere with Undersea Internet Cables, Forbes (Aug. 19, 2020), https://perma.cc/5BXR-4CWT.
Because laying and operating a cable across large bodies of water is so costly, most cables were historically financed, laid, and operated by a consortium of multiple owners. For example, the U.S., Japan, and Australia agreed in 2020 to jointly finance a cable link to the Pacific island nation of Palau at a cost of $30 billion.21
Yohei Hirose, Japan, US and Australia to Finance Undersea Cable for Palau, Nikkei Asia (Oct. 28, 2020), https://perma.cc/2WXP-FH9D.
Marissa Alcala et al., Financing Subsea Cables in Latin America, Norton Rose Fulbright (June 16, 2020), https://perma.cc/QPG9-QKZW.
Sam Shead, Google Is Building a Huge Undersea Fiber-Optic Cable to Connect the U.S. to Britain and Spain, CNBC (July 28, 2020), https://perma.cc/T3GE-N363.
Once laid, cables are maintained and operated by the financing consortium or the private company financing the cable project. These cable operators are responsible for maintenance and repairs for any damage to the cable. Due to their length, most modern cables are outfitted with fault monitoring systems that can detect cable breaks or points of damage for repair.24
See generally Isaac Geisler et al., Dep’t of Sys. Eng’g & Operations Res., Geo. Mason Univ., Design of a Transoceanic Cable System (2015), https://perma.cc/7WPB-HRPE.
States are capable of spying on submarine cables. As discussed below, because the hacking of cables requires specialized equipment including submarines, most experts are concerned with government-sponsored hacking attempts.25
Griffiths, supra note 16.
Investigators ultimately determined a ship’s anchor was to blame for at least one of four simultaneously damaged cables connecting the Middle East and Europe, but many at the time alleged the cables were damaged by private actors and conspiracy theories still abound. Lily Hay Newman, Cut Undersea Cable Plunges Yemen Into Days-Long Internet Outage, Wired (Jan. 13, 2020), https://perma.cc/C4AF-CLBG;Kim Zetter, Undersea Cables Cut; 14 Countries Lose Web – Updated, Wired (Dec. 19, 2008), https://perma.cc/3TGK-EUHH.
Michael Sechrist, Harv. Kennedy Sch. Belfer Ctr., New Threats, Old Technology: Vulnerabilities in Undersea Communications Cable Network Management Systems (2012), https://perma.cc/953R-MSKW.
In general, the process by which intelligence agencies tap into cables is highly secretive. There are some indications, however, as to how it is done. Some reports indicate states use specially designed submarines equipped with devices to splice into cables. In this “splicing method,” the submarine, having broken through the protective coating, installs listening devices within the fiber optic cable to collect transmitted data.28
New Nuclear Sub Is Said to Have Special Eavesdropping Ability, N.Y. Times (Feb. 20, 2005), https://perma.cc/KDM9-683P.
See Tara M. Davenport, Submarine Cables, Cybersecurity & International Law: An Intersectional Analysis, 24 Cath. U. J.L. & Tech. 57, 103–5 (2015).
Meghan Neal, How to Hack the Backbone of the Internet, Vice (Oct. 31, 2013), https://perma.cc/6MWG-CF3E.
Other hacking methods appear less obtrusive. Some intelligence analysts have speculated operators gain access to a cable at landing stations—stations fitted with signal boosting equipment and cable access features—in order to install intercept probes that capture the fiber optic light signal and make a copy of it.31
See Khazan, supra note 13.
Id.
This Section discusses why submarine cable hacking is a pressing and ripe area for solutions within public international law. As noted above, most of the world’s global powers, particularly the U.S., China, and Russia, enjoy the ability to hack into one another’s cables and may want to reserve that ability. This may indicate few states would be interested in developing norms or international public law against submarine cable hacking. Indeed, the lack of a global convention against peacetime hacking may signal a lack of state interest in curbing this behavior. The ground, however, may be shifting.
First, the volume of information, and in turn sensitive information, that passes through submarine cables is growing. Presently, submarine cables carry 95% of all international communications.33
Submarine Cables, Nat’l Oceanic & Atmospheric Admin. (NOAA), https://perma.cc/2YKK-DTS3.
Paul Brodsky, Let’s Just Say Demand Is Thriving in the Global Bandwidth Market, Telegeography Dig. (May 1, 2020), https://perma.cc/B245-M8FE.
Data Volume of Global Consumer IP Traffic From 2017 to 2022, Statista (Feb. 2019), https://perma.cc/FY6S-NVT6.
Alex Vaxmonsky, New Subsea Cable Architectures Are Carrying the World’s Traffic, Equinix (Mar. 16, 2020), https://perma.cc/9GHL-WD9A.
Geoff Bennett, Subsea Cable Capacity: Where Do We Go Next?, Submarine Telecoms F. (Sept. 21, 2020), https://perma.cc/8P7K-NKJ3.
Submarine Cable System Market Worth $22.0 Billion by 2025, PR Newswire (Feb. 27, 2020), https://perma.cc/7QTT-LM33.
Second, while covert and secretive, state hacking and cyber operations only appear to be increasing in scope and frequency. In 2013, leaks revealed the British intelligence service the Government Communications Headquarters (GCHQ) was tapping dozens of fiber optic cables processing over 600 million telephone events and 21 Petabytes of data each day.39
MacAskill et al., supra note 11.
David E. Sanger & Eric Schmitt, Russian Ships Near Data Cables Are Too Close for U.S. Comfort, N.Y. Times (Oct. 25, 2015), https://perma.cc/WM9H-G9C6.
Xavier Vavasseur, Russia’s Pacific Fleet to Get 15 New Vessels in 2020, Naval News (May 29, 2020), https://perma.cc/39VS-4HZD.
Garrett Hinck, Evaluating the Russian Threat to Undersea Cables, Lawfare (Mar. 5, 2018), https://perma.cc/5RRD-PSX2.
This buildout of state capabilities to hack submarine cables has shifted states’ behavior with respect to submarine cables and hacking generally. Out of concern of Chinese hacking attempts, as mentioned above, U.S. regulators prevented the Pacific Light Cable Network connecting the U.S. and Hong Kong from going live.43
Agence-France Presse, Pacific Data Cable Not Safe from China if Hong Kong Included, Says US, The Guardian (June 17, 2020), https://perma.cc/HWY2-BLAB.
Mark Harris, Google and Facebook Turn Their Backs on Undersea Cable to China, TechCrunch (Feb. 6, 2020), https://perma.cc/D3YQ-55H8.
David E. Sanger & Steven Lee Myers, After a Hiatus, China Accelerates Cyberspying Efforts to Obtain U.S. Technology, N.Y. Times (Nov. 29, 2018), https://perma.cc/KB46-K7SG.
Id.
Third, citizens and states are increasingly aware of hacking and intelligence gathering conducted through submarine cables. Expressions of outrage against these methods have increased accordingly. After Edward Snowden revealed the extent of spying on U.S. citizens, thousands took to the streets to protest against government surveillance.47
Jim Newell, Thousands Gather in Washington for Anti-NSA ‘Stop Watching Us’ Rally, The Guardian (Oct. 26, 2013), https://perma.cc/VWF5-AFSN.
The Right to Privacy in the Digital Age, U.N. Hum. Rts. Off. High Comm’r, https://perma.cc/PH43-KGJY.
Fourth, cables are not capable of being monitored like other military or commercial assets. Due to their length stretching hundreds of miles in the open ocean and the number of cables traversing the sea, states would need to expend unconscionable resources to patrol for surface ships and submarines that threaten cables. While cable operators are able to observe real-time widespread disruptions in data service, sophisticated hacking agents are supposedly able to splice into submarine cables without alerting cable operators.49
For attempts to solve this problem and a description of the technical requirements involved, see Lijuan Zhao et al., On-Line Monitoring System of 110 kV Submarine Cable Based on BOTDR, 216 Sensors & Actuators 28 (2014); Ye Yincan et al., Submarine Cable Project Management and Maintenance Monitoring Information System, in Submarine Optical Cable Engineering 259 (Ye Yincan, Jiang Xinmin, Pan Guofu, Jiang Wei eds., 2018).
Could Russia Cut Undersea Communication Cables?, BBC (Dec. 15, 2017), https://perma.cc/XX95-7X7M.
Because states are unable to fully patrol against submarine hacking attempts, states may want additional tools in their foreign policy toolbox to address possible hacking attempts. As the danger posed by hacking grows and because the resources required to patrol against hacking are so immense, states will need to explore alternative means to protect cables and their sensitive data, which may include recognizing liability for hacking. By recognizing grounds for liability against submarine cable hacking, states can obtain a tool for enforcement against rogue actors when the costs and benefits are in their favor.
Fifth, while the U.S., China, and Russia, among others, may want to continue participating in hacking operations, not all states participate in hacking and not all states will want to continue to allow hacking to persist on the global stage. Landlocked states and states with less robust submarine military presences do not have the same incentives to allow submarine hacking to continue because they cannot as easily participate. Further, these states may be incidentally damaged by hacking attempts against U.S. or Russian submarine cables because their information flows through those same cables to other states.51
Adam Satariano, How the Internet Travels Across Oceans¸ N.Y. Times (Mar. 10, 2019), https://perma.cc/KVR3-WD5N.
The geopolitical landscape and incentives around protections against cable hacking thus appear to be shifting. Accordingly, this Comment turns to international public law as a potential way to curb hacking behavior. In the following Section, this Comment examines the protections currently afforded to cables under public international law. Subsequently, this Comment evaluates current scholarly thought on solutions within the public international legal system before proposing a novel solution to the problem of submarine cable hacking.
International protections for submarine cables began, surprisingly enough, in the 1880s with the dawn of undersea telegraph wires. Due to threats from fishermen and pirates who accidentally or intentionally severed telegraph cables,52
For example, the first submarine cable crossing the English Channel was cut by a fisherman who thought he discovered a new species of seaweed. Eric Wagner, Submarine Cables and Protections Provided by the Law of the Sea, 19 Marine Policy 127, 128 (1995).
Convention for the Protection of Submarine Telegraph Cables, Mar. 14, 1884 [hereinafter 1884 Convention].
Id. art. II (“It is a punishable offence to break or injure a submarine cable, willfully or by culpable negligence, in such manner as might interrupt or obstruct telegraphic communication, either wholly or partially, such punishment being without prejudice to any civil action for damages.”).
The 1884 Convention, however, was limited in scope and application. Rather than develop a comprehensive international court to handle submarine cable disputes or violations of the convention, the 1884 Convention required states to create their own national regulations to protect submarine cables.55
Id. art. XII (“The High Contracting Parties engage to take or to propose to their respective legislatures the necessary measures for insuring the execution of the present Convention, and especially for punishing, by either fine or imprisonment, or both, those who contravene the provisions of Articles II, V and VI.”).
Id. art. 17.
47 USC § 21 et seq.
Wagner, supra note 52, at 135.
The signing countries in 1884 could not have anticipated the emergence of internet submarine cables or hacking into these cables to pilfer vital information. The 1884 Convention, however, may offer some recourse for this sort of misbehavior. Article II provides it is a punishable offense to “break or injure a submarine cable, willfully or by culpable negligence, in such manner as might interrupt or obstruct telegraphic communication.”59
1884 Convention, supra note 53, art. II.
Nevertheless, the 1884 Convention may be limited in its protective ability. First, the Convention requires states to implement domestic regimes protecting cables. Because domestic jurisdiction over foreign nationals is limited, especially on the high seas as will be discussed, these protections are limited in reach. Further, because Article II is limited solely to “telegraphic wires,” it is not clear whether damage to submarine internet cables portends liability under the Convention. While many modern cables have the ability to transmit telegraphs, most are fiber optic cables and therefore may be outside the convention’s scope. And unlike subsequent conventions, the 1884 Convention did not create a tribunal or dispute resolution body to handle these issues. States then are reliant on other states’ domestic regulations for protecting submarine cables. Regardless of its limited applicability to hacking, however, the 1884 Convention pioneered protections for submarine cables, the spirt of which have since been largely incorporated in modern treaties dealing with the high seas.
Following the 1884 Convention, the international community incorporated further protections for submarine cables in broader treaties related to the high seas. In 1958, the Geneva Conventions on the Continental Shelf and the 1958 Convention on the High Seas incorporated portions of the 1884 Convention. Namely, protections of cables from willful or culpably negligent damage and indemnification obligations for other cable owners were incorporated in these later conventions from the 1884 Convention.60
See id. arts. II, IV, VII; see also Douglas Burnett, Tara Davenport & Robert Beckman, Overview of the International Legal Regime, in Submarine Cables: The Handbook of Law and Policy 63, 71–72 (Douglas R. Burnett, Robert C. Beckman & Tara M. Davenport eds., 2014).
Notably, the 1958 High Seas Convention additionally codified the freedom to lay cables as a high seas freedom, expanding the protections offered by the 1884 Convention.61
Convention on the High Seas, Apr. 29, 1958, 450 U.N.T.S. 82.
Id. art. II.
Id. art. XXVI.
Id.
Following these intermediary conventions, in 1982 the U.N. Convention on the Law of the Sea (UNCLOS), the contemporary convention for the law of the sea, was created.65
United Nations Convention on the Law of the Sea, Dec. 10, 1982, 1833 U.N.T.S. 397 [hereinafter referred to as UNCLOS].
UNCLOS, Int’l Union for Conservation of Nature, https://perma.cc/K8ZT-2UXV.For more information on the development of UNCLOS, see generally Myron H. Nordquist, et al., UNCLOS 1982 Commentary (Myron H Nordquist et al. eds., 2012).
A state’s territorial seas are the sea, including its bed and subsoil, for the area up to 12 miles from a state’s shores.67
UNCLOS, supra note 65, art. II.
Id. art. XXI; Burnett et al., supra note 60, at 76.
Robert Beckman, Protecting Submarine Cables from Intentional Damage, in Submarine Cables: The Handbook of Law and Policy 281, 287 (Douglas R. Burnett, Robert C. Beckman & Tara M. Davenport eds., 2014).
Id at 287.
In the second zone, coastal states can claim the EEZ and continental shelf up to 200 nautical miles past the borders of the state’s territorial seas.71
UNCLOS, supra note 65, art. LVII.
Id.. See generally Kenneth W. Swenson, A Stitch in Time: The Continental Shelf, Environmental Ethics, and Federalism, 60 S. Cal. L. Rev. 851 (1987).
UNCLOS, supra note 65, art. LVI.
Id. art. LVIII.
Id. art. LXXXVIII.
See id. art. LXXIX (referring to the “laying or maintenance” of submarine cables and “repairing” existing cables.”); see also Burnett et al., supra note 60, at 81.
States, however, do not have unfettered access to the EEZ and the continental shelf in the name of cable installation or repair. UNCLOS requires states exercising these rights to “comply with the laws and regulations adopted by the coastal State in accordance with the provisions of this Convention and other rules of international law.”77
UNCLOS, supra note 65, art. LVIII.
UNCLOS provides similar protections for submarine cables in the EEZ as in territorial waters, though jurisdiction is less clear. Again, similar to territorial waters, while states are required to “adopt the laws and regulations necessary to provide that the breaking or injury by a ship flying its flag or by a person subject to its jurisdiction of a submarine cable beneath the high seas done willfully or through culpable negligence… be a punishable offense,”78
Id. art. LXIII.
Beckman, supra note 69, at 288.
Id.
Zone to Protect Perth Submarine Cables, Australian Comm’n & Media Auth., https://perma.cc/R6RS-Q6G3.
Beckman, supra note 69, at 288.
The high seas are the third zone described by UNCLOS. The high seas are defined as “all parts of the sea that are not included in the exclusive economic zone, in the territorial sea or in the internal waters of a State, or in the archipelagic waters of an archipelagic State.”83
UNCLOS, supra note 65, art. LXXXVI.
Id. art. LXXXIX (“No state may validly purport to subject any part of the high seas to its sovereignty.”).
The high seas, although beyond the reach of any state, are subject to applicable international treaties including UNCLOS. Broadly, the high seas are reserved for “peaceful purposes.”85
Id. art. LXXXVIII..
UNCLOS does not offer many protections for submarine cables on the high seas. Under UNCLOS, states maintain the freedom to lay submarine cables86
Id. art. CXII..
Id. art. LXXXVII.
UNCLOS, supra note 65, art. CXIII.
Beckman, supra note 69, at 288; see also Wagner, supra note 52, at 135.
Unlike the 1884 Convention, UNCLOS included a dispute resolution framework for conflicts between states. The International Tribunal for the Law of the Sea (ITLOS) serves as a binding dispute resolution mechanism where states are unable to reach a peaceful settlement. ITLOS has jurisdiction over “any dispute concerning the interpretation or application of this Convention which is submitted to it in accordance with this Part” including failing to comply with convention obligations.90
UNCLOS, supra note 65, art. CCLXXXVII. See generally Tullio Treves, Human Rights and the Law of the Sea, 28 Berkeley J. Int’l. L. 1 (2010).
States are able to select ITLOS for the settlement of disputes at any time through means of written declaration;91
UNCLOS, supra note 65, art. CCLXXXVII.
Id. art. CCXCV.
ITLOS can apply the international law under UNCLOS or “other rules of international law not incompatible with this Convention.”93
Id. art. CCLXXXVIII.
List of Cases, International Tribunal for the Law of the Sea, https://perma.cc/ZW45-Y548.
For example, ITLOS adjudicated the maritime boundary between Mauritius and Maldives in the Indian Ocean. See Dispute Concerning Delimitation of the Maritime Boundary Between Mauritius and Maldives in the Indian Ocean (Mauritius v. Maldives), Case No. 28, Special Agreement and Notification of 24 September 2019. In another case, ITLOS provided an advisory opinion for the minimum access conditions and exploitation of fishery resources for the Sub-Regional Fisheries Commission. See Request for Advisory Opinion Submitted by the Sub-Regional Fisheries Commission, Advisory Opinion, 2 April 2015, ITLOS Reports 2015, Case No. 21.
Because UNCLOS does not offer explicit protections for cables from hacking on the high seas, the puzzle then is how to create enforcement mechanisms and norms against hacking. Because domestic jurisdiction can only be asserted in territorial waters and most states do not have robust domestic laws, trying to enforce cable protections through national laws seems impractical. Indeed, as will be discussed, scholars have consistently decried the absence of domestic protections for submarine cables. In the following Section, this Comment will explore whether other conventions in international law, rather than solely the laws of the sea, protect against submarine cable hacking. This Comment then explores possible solutions to this problem of liability using ITLOS as a possible avenue for liability.
This Section describes the international conventions and framework with respect to cyber operations and hacking. Generally, hacking and cyber surveillance are regarded as peacetime activities and are not limited by any international treaties or conventions. The methods employed in pursuit of these goals, however, may be deemed problematic by various conventions. This Section explores the limits of hacking techniques and cyber surveillance and discusses how shifting norms around the right to privacy may change international consensus on the viability of some surveillance tactics.
At present, there is no international framework for hacking offenses or cyber operations. While previous conventions like the Budapest Convention on Cybercrime96
Convention on Cybercrime, Nov. 23, 2001, E.T.S. No. 185.
Amalie M. Weber, The Council of Europe’s Convention on Cybercrime, 18 Berkeley Tech. L.J. 425, 426–30 (2003).
Id. at 428–30.
In response to lacking a global framework, a group of preeminent international law scholars and practitioners created the Tallinn Manual99
NATO Cooperative Cyber Def. Ctr. of Excellence, Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations (Michael N. Schmitt ed., 2d ed. 2017) [hereinafter Tallinn Manual].
Id. at 2.
Id. at 4.
According to the Tallinn Manual, the primary basis for liability for cyber activities is territorial. Much like a state has jurisdiction over damage to cables in its territorial seas, states have jurisdiction over cyber activities or hacking that occur within their territory or their territorial waters.102
Id. at 51.
Id. at 257.
Tapping or hacking activities outside of a state’s territorial waters do not offer the same legal recourse. Like cable damage under UNCLOS, the EEZ and the continental shelf is subject to a complicated legal framework for cyber operations jurisdiction. Generally, if cyber operations are carried out for “peaceful purposes” and maintain “due regard to that State’s rights and duties in the zone,” they are permitted in the EEZ.104
Id. at 233 (“In particular, employing a submarine or unmanned underwater vehicle to tap in territorial or archipelagic waters is inconsistent with the navigational regime of innocent passage as submarines are required to transit on the surface.”)
Id. at 257.
On the high seas, states have even fewer rights or protections against hacking. Cable hacking attempts on the high seas do not constitute a violation of the hacked state’s sovereignty.106
See Oliver J. Lissitzyn & Charles H. Stockton, Electronic Reconnaissance From the High Seas and International Law, 22 Naval War Coll. Rev. 26, 28 (1970).
See, e.g., Roger D. Scott, Territorially Intrusive Intelligence Collection and International Law, 46 A.F. L. Rev. 217, 219 (1999). See also Davenport, supra note 29, at 105.
Tallinn Manual, supra note 99 at 257. But see Davenport, supra note 29, at 105 (“Whether UNCLOS can be used to address the mass surveillance carried out through the tapping of undersea cables is not entirely clear . . . Such surveillance does not fall within conventional perceptions of military activities/intelligence gathering at sea, which as mentioned above, is targeted, and aims at enhancing knowledge of the marine environment and/or the military capabilities of other State’s navies.”).
As typified by the above, norms around cyber operations have either not solidified or are highly permissive of cyber operations on the high seas. Because these norms are absent, there is insufficient state practice and public international law to conclude cyber espionage is per se banned.109
Tallinn Manual, supra note 99, at 169.
Id. at 170.
One incidental effect of submarine cable hacking is damage to the submarine cables as a result of splicing into the cable or damaging the cable in the installation of surveillance devices. As noted above, UNCLOS mandates states craft laws to hold their citizens liable for intentional or negligent damage to submarine cables. These laws, however, are limited in jurisdiction to territorial waters. Experts notably have split as to whether the mere act of tapping cables that results in damage renders it a violation of public international law regardless of location.111
Id. at 257.
Id.
This question of liability for damage is nonetheless important. By being able to hold foreign states liable for damage incurred as a result of hacking, states can shift the cost-benefit calculus of hacking attempts by requesting damages. While this may not wholly eliminate submarine cable hacking, potential liability for damage may reduce overall hacking activity levels. It typically costs millions of dollars to repair damage to the actual cable.113
For example, a cable fault in the Pacific in 2007 cost $8 million to repair the cable. Michael Matis, The Protection of Undersea Cables: A Global Security Threat, U.S. Army War College (2012), https://perma.cc/34Y8-VLX3.
The Economic Impact of Submarine Cable Outages Can Still be Enormous, SubCable World (Aug. 21, 2017), https://perma.cc/TF2F-QQ7R.
C. Incidental Effects of Submarine Cable Hacking: Violations of the International Right to Privacy
TOPA second incidental effect of submarine cable hacking is the violation of citizens’ privacy by harvesting electronic data. Because hacking operators cannot control what data they siphon off, hackers will inevitably intercept citizens’ private communications and data in their operations, unless the cable is a dedicated military cable. This violation of privacy is significant because, as the Tallinn Manual experts noted, cyber operations may not be conducted in an unlawful manner.115
Tallinn Manual, supra note 99, at 170.
A number of conventions have enumerated an international right to privacy.116
Universal Declaration of Human Rights, Dec. 12, 1948, G.A. Res. 217A, U.N. Doc. A/810 art. 12; International Covenant on Civil and Political Rights, Dec. 16, 1966, S. Exec. Rep. 102-23, 999 U.N.T.S. 171. art. 17 [hereinafter ICCPR]; Convention on the Rights of the Child, 20 Nov. 1989, 1577 U.N.T.S. 3 art. 16; Convention on the Rights of Persons with Disabilities, 3 May 2008, 2515 U.N.T.S. 3 art. 22; International Convention on the Protection of the Rights of All Migrant Workers and Members of Their Families, 18 December 1990, 2220 U.N.T.S. 39481 art. 14.
Universal Declaration of Human Rights, supra note 116, art. 12.
ICCPR, supra note 116, art. 17.
Francesca Bignami, Human Rights Extraterritoriality: The Right to Privacy and National Security Surveillance, GWU Law School Public Law Research Paper No. 2017-67 (2017).
See, e.g., G.A. Res. 71/199, The Right to Privacy in the Digital Age (Dec. 19, 2016).
Ashley Deeks, An International Legal Framework for Surveillance, 55 Va. J. Int’l L. 291, 311 (2015).
The scope of this right is less clear for intelligence gathering on foreign states or foreign nationals. The U.S. has presented the most limited interpretation of the right to privacy in this context. According to the U.S., the right only attaches to citizens within a state’s territory and subject to its jurisdiction.122
Bignami, supra note 119, at 4.
Hum. Rts. Comm., General Comment no. 31, Nature of the General Legal Obligation on State Parties to the Covenant, ¶ 10, U.N. Doc. CCPR/C/21/Rev.1/Add.13 (May 26, 2004).
Kristian P. Humble, International Law, Surveillance and the Protection of Privacy, Int’l J. Hum. Rts. (2020) 1, 5.
The debate around the scope of this right centers on whether a state exercises “effective control” over a person or territory in determining jurisdiction. As discussed earlier, the high seas are beyond the territorial reach of any particular state. Therefore, questions of “effective control” become more pressing as scholars consider whether a state exercises effective control over cyberspace through cables located on the high seas. This question is hotly debated. Some scholars have noted limiting effective control to solely physical territory may result in illogical results as it is not clear where cyber communications are physically located when conducted over the internet.125
Bignami, supra note 119, at 5.
Humble, supra note 124, at 13.
An international right to privacy nevertheless remains controversial. Some scholars insist an application of a universal right to privacy may undermine domestic protections against surveillance currently in place.127
Stephen J. Schulhofer, An International Right to Privacy? Be Careful What You Wish for, 14 Int’l J. Const. L. 238 (2016).
Asaf Lubin, We Only Spy on Foreigners: The Myth of a Universal Right to Privacy and the Practice of Foreign Mass Surveillance, 18 Chi. J. Int’l L. 502 (2018).
Ronald J. Krotoszynski, Autonomy, Community, and Traditions of Liberty: The Contrast of British and American Privacy Law, 39 Duke L.J. 1398, 1401–02 (1990) (where privacy is defined as “a realm of individual autonomy in recognized and accepted social contexts” that is “defined in relation to a particular society at a particular point in time”).
Regardless of the ongoing debate, the recognition and scope of the right to privacy appears to be shifting, as discussed in Section III, toward a greater recognition of the right to privacy. Scholars have noted international human rights cases increasingly find states’ human rights obligations follow them in acting abroad.130
Beth Van Schaack, The United States’ Position on the Extraterritorial Application of Human Rights Obligations: Now Is the Time for Change, 90 Int’l L. Stud. Ser. US Naval War Col. 20, 32 (2014).
Id. at 31–52.
10 Human Rights Organisations v. United Kingdom¸ Privacy International (July 10, 2019), https://perma.cc/L3YH-VDZX.
Cynthia O’Donoghue & Nona Keyhani, ECtHR Rules on UK Mass Surveillance Under RIPA¸ Reed Smith Technology Law Dispatch (Oct. 25, 2018), https://perma.cc/7EXY-UCLJ.
10 Human Rights Organisations v. United Kingdom, supra note 132.
PI’s Statement on the ECtHR Decision in Privacy International v. UK, Privacy International (Sept. 3, 2020), https://perma.cc/PPD9-NZ2D.
Natasha Lomas, Europe’s Top Court Confirms no Mass Surveillance Without Limits, TechCrunch (Oct. 6, 2020), https://perma.cc/4L9U-U4Y6.
Id.
While cooperation for developing protections and harmonization of definitions for privacy in the internet age is ongoing,138
Joel R. Reidenberg, Resolving Conflicting International Data Privacy Rules in Cyberspace, 52 Stanford L. Rev. 1315 (2000).
This Section explores current scholarship on submarine cable protections and submarine cable hacking. This Section serves to provide context for the novelty of the solution offered in Section VII and discuss how scholars interpret currently proposed avenues for liability for submarine hacking. Scholars currently focus on protections for incidental or intentional damage to cables in order to raise the relative costs associated with hacking. Scholars, however, are pessimistic about current domestic protections toward submarine cables and generally accept submarine cable hacking as part of the international landscape. Notably, scholars have previously not used the right to privacy to frame the debate around submarine cable hacking and have not used dispute resolution mechanisms, like ITLOS, for resolving these issues.
As a summary of prior Sections, UNCLOS does not explicitly place restrictions on peacetime intelligence gathering or cyber operations on the high seas or in the EEZ. Because the high seas are not subject to any state’s domestic jurisdiction and the EEZ is subject to very limited jurisdiction, domestic laws against hacking or damage to submarine cables do not apply in these areas. Further, there is no international treaty or convention that restricts or bans cyber operations generally. Experts agree that “the bottom line is that there is no clear prohibition against the physical tapping of fiber optic cables in the EEZ [or the high seas] to be found in UNCLOS”139
Davenport, supra note 29, at 106.
Tallinn Manual, supra note 99, at 257.
While states generally have the freedom to conduct cyber operations on the high seas, if the method of those operations violates other international treaties or laws, those methods are subject to liability.141
Davenport, supra note 29, at 106 (“Within the EEZ, the discussion above on the controversy surrounding the legality of intelligence gathering activities would also apply—the bottom line is that there is no clear prohibition against the physical tapping of fiber optic cables in the EEZ to be found in UNCLOS.”); Tallinn Manual, supra note 99, at 257 (minding “prejudice to the application of other international legal norms,” cable tapping is not per se illegal on the high seas).
Tallinn Manual, supra note 99, at 257.
Scholars, however, are pessimistic about using Article 112 or Article 113 to protect submarine cables. While UNCLOS requires states to have domestic laws to punish intentional or negligent damage of undersea cables, most states have not imposed these regulations. For example, Canada does not have any legal protections for cables once laid.143
Scott Coffen-Smout & Glen J. Herbert, Submarine Cables: A Challenge for Ocean Management¸ 24 Marine Pol’y 441, 444 (2000).
See G.A. Res. 66/231, ⁋ 12 (Apr. 5, 2012); G.A. Res. 67/78, ⁋ 131 (Dec. 11, 2012).
And where states do have regulations, those protections are generally weak and rarely enforced. For example, U.S. federal law states parties who intentionally damage cables are subject to a maximum fine of $5,000.145
Coffe-Smout & Herbert, supra note 143, at 444.
Tara Davenport, Submarine Communications Cables and Law of the Sea: Problems in Law and Practice, 43 Ocean Dev. & Int’l L. 201 (2012).
Robert Wargo & Tara Davenport, Protecting Submarine Cables from Competing Uses, in Submarine Cables: The Handbook of Law and Policy 255, 263 (eds. Douglas R. Burnett, Robert C. Beckman & Tara M. Davenport) (2014).
Scholars and advocates have argued strengthening these domestic protections may offer some relief against hacking. As discussed in the previous Section, by increasing the costs associated with a hacking operation, the associated cost-benefit analysis shifts. Scholars have focused on increasing these protections in the absence of a new international framework against hacking. Tara Davenport noted Article 113 of UNCLOS would apply to damage done through cable tapping but that domestic protections against submarine cable damage are “woefully inadequate” and “not commensurate with the damage resulting from intentional interference.”148
Davenport, supra note 29, at 84, 106.
Zoe Scanlon, Addressing the Pitfalls of Exclusive Flag State Jurisdiction: Improving the Legal Regime for the Protection of Submarine Cables, 48 J. Mar. L. & Com. 295, 299 (2017).
While there is some appetite for bolstering domestic protections,150
Davenport, supra note 29, at 84, 106; see also Nadia Schadlow & Brayden Helwig, Protecting Undersea Cables Must be Made a National Security Priority, Def. News (July 1, 2020), https://perma.cc/BP65-LGX4.
Wargo & Davenport, supra note 147, at 256.
Griffiths, supra note 16.
Scholars, in recognition of these weaknesses, have generally accepted submarine cable hacking as part of the international landscape until further protections can be crafted or norms around cyber operations crystallize against mass surveillance.153
Tallinn Manual, supra note 99, at 257; see also, Davenport, supra note 29.
This Section describes the novel solution offered by this Comment with respect to submarine cable hacking. The Section first describes how the binding dispute resolution system under the International Tribunal for the Law of the Sea (ITLOS) likely has jurisdiction over submarine hacking attempts. This Section further argues, contrary to prior scholarly work, the lack of domestic protections for submarine cable hacking benefits the creation of international norms and a regime against cable hacking. This Section then proposes two solutions using ITLOS. First, ITLOS can be used to create an international regime protecting against submarine cable damage. This in turn raises the costs of submarine cable hacking and may lower hacking activity levels. Second, ITLOS can serve as a forum to argue hacking violates the international right to privacy and therefore should not be permitted even on the high seas. This analysis of the right to privacy with respect to submarine cables is novel in current scholarship and contributes to the ongoing debate about the limits of bulk surveillance collection and surveillance protections generally.
As a preliminary matter, ITLOS likely has jurisdiction over alleged submarine hacking disputes. As referenced above, under UNCLOS, ITLOS serves as a dispute resolution mechanism between states. The jurisdiction of ITLOS is broad, encompassing “all disputes and all applications submitted to it in accordance with [UNCLOS].”154
UNCLOS, supra note 65, Annex VI, art. XXI. See generally Treves, supra note 90.
Under UNCLOS Articles 112 and 113, states have two arguments as to why ITLOS has jurisdiction over submarine cable hacking. First, states can use ITLOS for dispute resolution where other states are not abiding by their obligations to UNCLOS. Article 113 provides states must adopt laws and regulations to punish “breaking or injury” of submarine cables on the high seas “in such a manner as to be liable to interrupt or obstruct telegraphic or telephonic communications.”155
UNCLOS, supra note 65, art. CXIII. While fiber optic cables are not strictly telephonic, they are generally presumed to fall under Article 113.
For discussion of the general jurisdictional requirements of ITLOS, see generally Treves, supra note 90.
Second, states can present arguments that protections for cables under UNCLOS are broader than the right to merely lay cables. Article 112 codifies the right for all states “to lay submarine cables and pipelines on the bed of the high seas beyond the continental shelf.”157
UNCLOS, supra note 65, art. CXII.
Even if Articles 112 and 113 are not compelling enough to justify jurisdiction, ITLOS also has jurisdiction over “any dispute concerning the interpretation or application of an international agreement related to the purposes of [UNCLOS].”158
Id. art. CCLXXXVIII.
John E. Noyes, The International Tribunal for the Law of the Sea, 32 Cornell Int’l L. J. 109, 133 (1999).
For example, in a case involving detained sailors, ITLOS asserted international human rights under other international conventions were at issue. Plaintiffs, however, had to first assert a jurisdictional link to these rights by noting that the detention that led to these violations was sanctioned under UNCLOS.160
Anna Petrig & Marta Bo, The Internatjonal Tribunal for the Law of the Sea and Human Rights, in Human Rights Norms in ‘Other’ International Courts 353, 386 (Martin Scheinin ed., 2019).
Id. at 386–91.
Before reaching these questions of ITLOS jurisdiction, however, ITLOS may only resolve disputes under UNCLOS “after local remedies have been exhausted where this is required by international law.”162
UNCLOS, supra note 65, art. CCLXXXXV.
Coffen-Smout & Herbert, supra note 143, at 444.
Id.; Davenport, supra note 29, at 84.
There is some question as to whether weak enforcement regimes, as in Australia or the United States, would be sufficient to evade ITLOS jurisdiction. States, however, can likely still obtain jurisdiction over this question.
And while scholars have criticized the weakness of these domestic protections and frequently recommended instituting stronger domestic regulations, the absence of these regulations actually strengthens the argument for jurisdiction under ITLOS. If domestic regulations were available, states would be obligated to pursue liability under those regulations. Because states have not implemented these regulations or have incredibly weak domestic protections, this domestic remedy is likely not available.166
Davenport, supra note 29, at 106.
Id. at 84, 106.
Once jurisdiction has been established, states can then turn to the two indirect effects of hacking—cable damage and violations of the right to privacy— to seek liability against hacking states.
States can use ITLOS to protect against hacking by enforcing liability for damages incurred from hacking. Using Articles 112 and 113 of UNCLOS, injured states can argue the offending states are not abiding by their UNCLOS requirements to create a domestic regime to punish cable damagers. Injured states can further argue offending states violate the freedom to lay and operate submarine cables. In the first instance, an injured state may use ITLOS to force the offending state to punish its wrongdoers under its own domestic jurisdiction. ITLOS can bind states to craft and administer regimes protecting cables against damage by their citizens. This may in turn increase prospective economic costs of hacking and reduce overall hacking activity levels. While states may have an incentive to cheat, the political costs from breaking with its required enforcement regime will only increase under a binding dispute resolution order from ITLOS.
States can further argue domestic protections as required under UNCLOS may not wholly protect this articulated right. If the cost of damage to cables is so expensive168
Matis, supra note 113.
The Economic Impact of Submarine Cable Outages Can Still Be Enormous, supra note 114.
In the second instance, states may argue the freedom to lay and operate cables under UNCLOS extends to protections against interference by foreign states on the high seas. While UNCLOS only protects against “damage” to cables,170
UNCLOS, supra note 65, art. CXIII.
ITLOS would likely be receptive to this argument. ITLOS has a history of extending greater protections to states than is precisely articulated in the language of UNCLOS. In MV/Saiga, ITLOS held Guinea violated the prohibition against the excessive use of force in detaining ships, although prohibitions against the excessive use of force are not expressly articulated by UNCLOS.171
M/V Saiga (No. 2) (St. Vincent v. Guinea), Case No. 2, Memorial of St. Vincent of June 19, 1998, 2 ITLOS Rep. 13, ¶ 95.
Guyana v. Suriname, 47 I.L.M. 166, ¶ 405 (Perm. Ct. Arb. 2007).
This solution is novel as it resolves the lack of enforcement mechanism scholars criticized by scholars with respect to domestic cable regimes. Because ITLOS can require states to abide by their treaty obligations, ITLOS can then mandate states create domestic regulations to protect cables. Further, this solution allows ITLOS to hear arguments about more general freedoms related to submarine cable use. Because ITLOS can hear arguments related to other binding treaties and agreements,173
UNCLOS, supra note 65, art. CCLXXXXIII.
This solution carries with it a handful of potential caveats. First, ITLOS will most likely require the offending country to hold violators domestically liable. This follows because Articles 112 and 113 of UNCLOS only require a domestic cable protection scheme. The offending country is likely to impose minimal penalties or elect not to impose penalties. This strategy may then not raise costs associated with hacking to lower overall activity levels. This outcome, however, does not fully undermine the solution described above. If countries’ domestic regimes continue to be weak or weakly enforced, ITLOS is more likely to extend greater protections to cables than are required under UNCLOS. This would be similar to the extension of greater rights than necessary in Guyana v. Suriname.174
Suriname, 47 I.L.M. 166.
Second, arguments about more general rights to cable protections, such as the freedom of cable operation, may be weak because not many states signed onto the 1884 Convention or the intervening conventions of the laws of the sea. Without a convention to point to, ITLOS would then be relying on general norms of international law in creating a liability regime for cable damage. ITLOS may be reticent to do that for fear of overstepping its bounds and of countries not participating in dispute resolution. Once such refusal occurred in Arctic Sunrise when Russia refused to appear in front of ITLOS.175
Chao Zhang, Russian Absence at the Arctic Sunrise Case: A Comparison with the Chinese Position in the South China Sea Arbitration, 8 J. E. Asia & Int’l L. 413, 414 (2015).
Third, not all hacking attempts end in damage to submarine cables. If a cable was not damaged during a hacking attempt, this regime may not apply. Accordingly, states must turn to other norms or rights to protect against submarine hacking. The following Section presents a solution to submarine cable hacking that centers on the right to privacy and does not rely on damage to the underlying cable to provide liability.
States can also use ITLOS to pursue violations to the international right to privacy committed by hacking. ITLOS is able to apply UNCLOS law and “other rules of international law not incompatible with” UNCLOS including the Universal Declaration of Human Rights and the ICCPR.176
UNCLOS, supra note 65, art. CCLXXXXIII; Noyes, supra note 159, at 124.
States can argue hacking contravenes the right to privacy embedded in numerous human rights treaties. As discussed in Section V, citizens enjoy a right to privacy under many international conventions. ITLOS can enforce violations of the ICCPR and other treaties as they relate to the right to privacy. While submarine cable hackers may be attempting to access sensitive government information, the hacking of undersea cables almost inevitably includes access to private citizens’ internet traffic because states cannot pick and choose what information they obtain.177
Mark Harris, How US National Security Agencies Hold the Internet Hostage, TechCrunch (July 18, 2019), https://perma.cc/J4UV-HNNM.
While litigation around the right to privacy is relatively new, there is a trend among international bodies toward recognizing a universal right to privacy. As discussed in Section V, the ECtHR previously held the U.K.’s bulk surveillance program through fiber optic cables violated the right to privacy but subsequently dismissed the case on appeal for failure to pursue all domestic remedies.178
10 Human Rights Organisations v. United Kingdom, supra note 132.
Lomas, supra note 136.
Melissa Eddy, Right to Privacy Extends to Foreign Internet Users, German Court Rules, N.Y. Times (May 19, 2020), https://perma.cc/GVU4-X7L5.
Frederic Gilles Sourgens, The Privacy Principle, 42 Yale J. Int’l L. 345, 354 (2017); see also Legal Consequences of the Construction of a Wall in the Occupied Palestinian Territory, Advisory Opinion, 2004 I.C.J. 136 (July 9).
United States Diplomatic and Consular Staff in Tehran (U.S. v. Iran), Judgment, 1980 I.C.J. 3, 35 (May 24) (finding expulsion of the spying diplomat was the proper remedy); Libananco Holdings Co. Limited v. Republic of Turkey, ICSID Case No. ARB/06/8, Decision on Preliminary Issues, 1 43 (June 23, 2008) (finding states can intercept communications as part of lawful criminal investigations).
Van Schaack, supra note 130, at 32.
Rights under the ICCPR and the Universal Declaration of Human Rights have previously been protected by ITLOS.184
See generally Petrig & Bo, supra note 160.
M/V Saiga (No.2) (St. Vincent v. Guinea), Judgment of July 1, 1999, ITLOS Rep., 10.
Id. ⁋ 15; see also Treves, supra note 90, at 5.
Petrig & Bo, supra note 160, at 382–85, 386–91.
These cases demonstrate “a pattern of increased willingness on the part of States to invoke (universal) human rights instruments (i.e., the ICCPR)—and, in this case, even the views of human rights bodies (i.e., the Human Rights Committee) — in provisional measures proceedings before ITLOS.”188
Id. at 391.
See generally Francesca Delfino, ‘Considerations of Humanity’ in the Jurisprudence of ITLOS and UNCLOS Arbitral Tribunals, in Interpretations of the United Nations Convention on the Law of the Sea by International Courts and Tribunals 421 (Angela Del Vecchio & Roberto Virzo eds., 2019).
ITLOS is further likely to invoke the right to privacy under the ICCPR or the Universal Declaration of Human Rights because privacy is so closely linked to the subject of the proceeding on the merits. ITLOS requires “the relief sought (and the rights to be protected by the relief) must be closely related to the rights subject to the proceedings on the merits.”190
Petrig & Bo, supra note 160, at 380.
This solution is novel for a handful of reasons. First, this solution uses a supposed weakness in international protections for submarine cables—lack of domestic protections— as the jurisdictional hook for liability. Although scholars have critiqued the weakness of these regimes,191
See Davenport, supra note 29, at 84; Scanlon, supra note 149, at 299–301.
Second, this solution avoids questions of the peacetime legitimacy of state intelligence gathering more generally. As discussed in the Tallinn Manual, cyber operations may not be conducted in an unlawful manner.192
Tallinn Manual, supra note 99, at 170.
While a novel method of solution, the use of ITLOS to make claims against the international right to privacy is not without caveats. While the caveats discussed below are not fatal to the solution described, they do present questions about the potential scope of the solution asserted and how controversies around the international right to privacy and international legal obligations generally bleed into the conversation around submarine cables.
First, not all states are signatories to UNCLOS or the human rights conventions that describe the international right to privacy. Prominently, for example, the U.S. has not ratified its participation in UNCLOS, although it is a signatory.193
Will Schrepferman, Hypocri-Sea: The United States’ Failure to Join the UN Convention on the Law of the Sea, Harv Int’l R. (Oct. 31, 2019), https://perma.cc/DG73-SR5A.
Id.
Second, even if a decision is binding, it is not clear how ITLOS would enforce its arbitration decisions if parties do not comply.195
Noyes, supra note 159, at 154.
Craig H. Allen, ITLOS Orders Russia to Release ARCTIC SUNRISE and Its Greenpeace Protestors, OpinioJuris (Nov. 25, 2013), https://perma.cc/RZ7S-SQPT.
Third, if the injured state and the hacking state have reasonably robust domestic cable protection schemes, ITLOS may not have jurisdiction. As discussed above, ITLOS requires states to exercise local remedies before appealing to ITLOS for dispute resolution. If the offending state has domestic protections, the injured state can appeal to that state to subject the offenders to domestic protections. This would result in the offending state being responsible for enforcing a regime which its citizens, and quite probably state agents, have violated. The incentives for the offending state to do so are minimal.
This possibility, however, is not fatal to the above solution mechanism. States can still appeal to UNCLOS for greater clarity for states’ responsibilities for cable protections on the high seas under Articles 112 and 113 of UNCLOS. States can further dispute the domestic proceedings as insufficient to compensate the injured party for potential cable damage or the stolen information. And states can likely still make claims related to the international right to privacy not addressed by domestic protections. While this last claim may raise issues around whether ITLOS is the proper body to hear these complaints, because the conduct occurs at sea, ITLOS still has a viable claim to jurisdiction.
Fourth, relatedly, the most probable avenue to obtain jurisdiction under ITLOS involves damage to submarine cables as a result of hacking. If hacking technologies are sufficiently sophisticated, they may cause no harm to submarine cables. Accordingly, states would need to develop alternative reasons to obtain ITLOS jurisdiction. As discussed above, states can argue for dispute resolution for interfering with cable operation under Articles 112 or 113. More generally, states can argue ITLOS’s broad jurisdiction gives them standing, but this also seems weak.
Alternatively, states can make claims using the more general wording of the 1884 Convention. The 1884 Convention prevents “interference” with telegraph cables. Because hacking necessarily involves some degree of signal interference of fiber optic cables, hacking would likely fall into this broader “interference” category. And because the 1884 Convention does not have a body for dispute resolution related to obligations under the Convention, states can reasonably argue ITLOS is the most proper forum to hear disputes.
This argument does not guarantee jurisdiction either. Foremost, the 1884 Convention addresses telegraph cables. While it seems reasonable to extend these protections to fiber optic or internet cables given the spirit of the Convention, the 1884 Convention is then limited in scope. Further, “interference” is harder to prove as compared to external damage to cables in hacking attempts. It is more difficult for signal operators to observe momentary gaps in service as compared to external cable damage, and maintaining a record showing this interference is both costly and difficult. Additionally, not many states are parties to the 1884 Convention as compared to UNCLOS. While many of the power players likely to engage in hacking are parties to both, including Russia and the U.K., some states are parties only to UNCLOS, like China, or party only to the 1884 Convention, like the U.S. Finally, the 1884 Convention, like UNCLOS, only presents obligations for states to create domestic protective schemes for submarine cables. The 1884 Convention does not have any enforcement mechanisms against this bad behavior which makes ITLOS’s jurisdiction more specious. And claims related to U.N. human rights obligations using the 1884 Convention to confer jurisdiction seem weak.
Fifth, claims of the right to privacy are relatively novel for international courts and the limits of this right have not been clearly defined. ITLOS, in turn, may not make sweeping decisions related to hacking for these types of cases without further clarity on the scope of the right to privacy. ITLOS may instead resolve the dispute by requiring greater compensatory damages or greater domestic protections for damage to cables without resolving the issue of hacking. This result may incidentally reduce hacking by raising the possible costs associated with hacking attempts, but states may still find the possible damages as reasonable to the perceived intelligence gains from hacking. Accordingly, privacy suits may need to wait for greater international consensus on the limits of the right to privacy.
This solution, however, can build on changing norms around the right to privacy. As discussed in Section V, the international right to privacy is increasingly recognized on the global stage. This solution presents novel questions within this ongoing debate. The recognition of the right to privacy depends largely on “effective control” of the persons or territory involved in the surveillance.197
Bignami, supra note 119, at 5.
Further, submarine cables are simultaneously a protected and necessary state resource and located on the high seas. Cables may then be a useful framing to consider how much control and sovereignty states have over their cyber space. Are cables more like physical territory or more like ephemeral cyber space in considering sovereignty and does the distinction ultimately matter with respect to privacy rights? This Comment is unable to answer these questions fully, but the Comment’s solution opens novel avenues for argument around these themes and may help advance the dialogue with respect to privacy rights.
Sixth, some states may not want to pursue creating a regime against submarine cable hacking. As discussed in Section II, many global powers, including the U.S., China, the U.K., and Russia, engage in submarine cable hacking. States, particularly those with robust submarine military presences, may want to preserve the ability to surveil other states using submarine cable hacking. These states would therefore not invoke ITLOS or the right to privacy against submarine cable hacking. This may be a particularly onerous challenge because these powerful states often develop and enforce global norms.
As discussed in Section III, however, this criticism may not necessarily be fatal to the solution offered above. Norms with respect to submarine cables and hacking in general appear to be shifting. Smaller states or landlocked states that do not engage in submarine cable hacking have incentives to further develop these norms to protect their citizens’ privacy and governmental data without the counterincentive of preserving the right to hack other states. While this shift may take time to play out, the momentum is in favor of increased recognition of privacy rights as discussed in Section V. Regardless, as hacking increases and as the associated damage from hacking rises, international legal solutions may be more cost effective than patrolling the seas against hacking attempts. Accordingly, states may decide international norms are a more cost-effective way of reducing hacking activity levels.
Seventh, if states elect not to pursue a hacking complaint against another state for geopolitical reasons, the injured cable operator may not be able to use ITLOS to seek a suitable remedy. In most cases, the injured party is likely a corporation. Due to the terrific costs in laying submarine cables, the majority of modern-day cables are owned and laid by private companies and collectives. For example, Google has backed at least 14 cables globally and other tech firms have similarly pursued their own submarine cable systems.198
Winston Qiu, Complete List of Google’s Subsea Cable Investments, Submarine Cable Networks (July 9, 2019), https://perma.cc/3KL8-T4PK.
Many corporations form cable cooperatives to share repair and installation costs. See, for example, the Atlantic Cable Maintenance & Repair Agreement. About, ACMA, https://perma.cc/DXF6-NPFM.
ITLOS jurisdiction over corporations is somewhat ambiguous but appears limited. Article 20 of the ITLOS charter provides non-state entities can access to the Tribunal for cases where other agreements accepted by all parties in the case confer jurisdiction to ITLOS.200
Noyes, supra note 159, at 132.
This, however, does not entirely eliminate the possibility of enforcing an anti-hacking regime through corporate action. Depending on the jurisdictional limits of the corporation’s home country, corporations can pursue private civil suits against foreign states.201
See, generally Rebecca Crootof, International Cybertorts: Expanding State Accountability in Cyberspace, 103 Cornell L. Rev. 565 (2018).
See generally Samantha N. Sergent, Extinguishing the Firewall: Addressing the Jurisdictional Challenges to Bringing the Cyber Tort Suits Against Foreign Sovereigns, 72 Vand. L. Rev. 391 (2019).
This Comment examined whether states had any recourse under public international law when foreign states hacked into submarine cables. In so doing, this Comment explored public international law around submarine cables (Section IV) and public international law with respect to hacking (Section V) to conclude states can use the International Tribunal of the Law of the Sea (ITLOS) invoke liability (Section VI). This Comment argued ITLOS would have proper jurisdiction over submarine hacking claims and would be a suitable body to address these complaints due to the weakness of domestic cable protections. This Comment argued states have two avenues for establishing liability through ITLOS: damage to cables or violations of the international right to privacy. This Comment thus invokes broader discussion of how states can seek legal recourse against submarine cable hacking while norms and conventions addressing hacking and submarine cables continue to develop.
- 1See, generally Edward Malecki & Hu Wei, A Wired World: The Evolving Geography of Submarine Cables and the Shift to Asia, 99 Annals Ass’n Am. Geographers 360 (2009).
- 2Greg Miller, Undersea Internet Cables are Surprisingly Vulnerable, Wired (Oct. 29, 2015), https://perma.cc/X53J-XMHA.
- 3Submarine Cable Map, TeleGeography, https://perma.cc/S2SR-FL66(2021).
- 4Chris Baynes, Entire Country Taken Offline for Two Days After Undersea Internet Cable Cut, Indep. (Apr 11, 2018), https://perma.cc/26LE-P6QD.
- 5Tim Johnson McClatchy, Undersea Cables: Too Valuable to Leave Vulnerable, Gov’t Tech. (Dec. 12, 2017), https://perma.cc/AH3X-TPMX.
- 6Christopher Drew, Divers Say Net Tied Submarine to Listening Device, N.Y. Times (Aug. 9, 2005), https://perma.cc/YXS8-ACXT.
- 7Sophia Ankel, Russian Intelligence Agents Reportedly Went to Ireland to Inspect Undersea Cables, and It’s Reigniting Fears They Could Cut Them and Take Entire Countries Offline, Bus. Insider (Feb. 17, 2020), https://perma.cc/8CE7-V38L.
- 8Doug Brake, Info. Tech. & Innovation Found., Submarine Cables: Critical Infrastructure for Global Communications (2019), https://perma.cc/8YQ8-T9TL.
- 9Anthony Spadafora, Google, Facebook Undersea Web Cable Will No Longer Connect US and Hong Kong, TechRadar (Aug. 31, 2020), https://perma.cc/U8YZ-FXXS.
- 10Justin Sherman, The US-China Battle over the Internet Goes Under the Sea, Wired (June 24, 2020), https://perma.cc/5X8K-8FY4.
- 11Ewen MacAskill, Julian Borger, Nick Hopkins, Nick Davis & James Ball, GCHQ Taps Fibre-optic Cables for Secret Access to the World’s Telecommunciations, The Guardian (June 21, 2013), https://perma.cc/4DGD-HRN5.
- 12Barbara Starr, U.S. Sensors Detect Russian Submarines Near Underwater Cables, CNN (Oct. 28, 2015), https://perma.cc/RL96-QV9L.
- 13Olga Khazan, The Creepy, Long-Standing Practice of Undersea Cable Tapping, The Atlantic (July 16, 2013), https://perma.cc/W8GY-F5R2.
- 14David McCabe, F.C.C. Designates Huawei and ZTE as National Security Threats, N.Y. Times (June 30, 2020), https://perma.cc/PW37-6Z2Y.
- 15Tim Hornyak, Here’s What It Takes to Lay Google’s 9,000km Undersea Cable, ComputerWorld (July 13, 2015), https://perma.cc/EHL6-GSMX(approximately $300 million for a cable between the U.S. and Japan).
- 16James Griffiths, The Global Internet Is Powered by Vast Undersea Cables. But They’re Vulnerable, CNN (July 26, 2019), https://perma.cc/3VJM-LQQD.
- 17Id.
- 18Stewart Ash, The Development of Submarine Cables, in Submarine Cables: The Handbook of Law and Policy 19 (Douglas R. Burnett, Robert C. Beckman & Tara C. Davenport eds., 2014).
- 19Klint Finley, How Google Is Cramming More Data into Its New Atlantic Cable, Wired (Apr. 5, 2019), https://perma.cc/D49P-23GW.
- 20H.I. Sutton, How Russian Spy Submarines Can Interfere with Undersea Internet Cables, Forbes (Aug. 19, 2020), https://perma.cc/5BXR-4CWT.
- 21Yohei Hirose, Japan, US and Australia to Finance Undersea Cable for Palau, Nikkei Asia (Oct. 28, 2020), https://perma.cc/2WXP-FH9D.
- 22Marissa Alcala et al., Financing Subsea Cables in Latin America, Norton Rose Fulbright (June 16, 2020), https://perma.cc/QPG9-QKZW.
- 23Sam Shead, Google Is Building a Huge Undersea Fiber-Optic Cable to Connect the U.S. to Britain and Spain, CNBC (July 28, 2020), https://perma.cc/T3GE-N363.
- 24See generally Isaac Geisler et al., Dep’t of Sys. Eng’g & Operations Res., Geo. Mason Univ., Design of a Transoceanic Cable System (2015), https://perma.cc/7WPB-HRPE.
- 25Griffiths, supra note 16.
- 26Investigators ultimately determined a ship’s anchor was to blame for at least one of four simultaneously damaged cables connecting the Middle East and Europe, but many at the time alleged the cables were damaged by private actors and conspiracy theories still abound. Lily Hay Newman, Cut Undersea Cable Plunges Yemen Into Days-Long Internet Outage, Wired (Jan. 13, 2020), https://perma.cc/C4AF-CLBG;Kim Zetter, Undersea Cables Cut; 14 Countries Lose Web – Updated, Wired (Dec. 19, 2008), https://perma.cc/3TGK-EUHH.
- 27Michael Sechrist, Harv. Kennedy Sch. Belfer Ctr., New Threats, Old Technology: Vulnerabilities in Undersea Communications Cable Network Management Systems (2012), https://perma.cc/953R-MSKW.
- 28New Nuclear Sub Is Said to Have Special Eavesdropping Ability, N.Y. Times (Feb. 20, 2005), https://perma.cc/KDM9-683P.
- 29See Tara M. Davenport, Submarine Cables, Cybersecurity & International Law: An Intersectional Analysis, 24 Cath. U. J.L. & Tech. 57, 103–5 (2015).
- 30Meghan Neal, How to Hack the Backbone of the Internet, Vice (Oct. 31, 2013), https://perma.cc/6MWG-CF3E.
- 31See Khazan, supra note 13.
- 32Id.
- 33Submarine Cables, Nat’l Oceanic & Atmospheric Admin. (NOAA), https://perma.cc/2YKK-DTS3.
- 34Paul Brodsky, Let’s Just Say Demand Is Thriving in the Global Bandwidth Market, Telegeography Dig. (May 1, 2020), https://perma.cc/B245-M8FE.
- 35Data Volume of Global Consumer IP Traffic From 2017 to 2022, Statista (Feb. 2019), https://perma.cc/FY6S-NVT6.
- 36Alex Vaxmonsky, New Subsea Cable Architectures Are Carrying the World’s Traffic, Equinix (Mar. 16, 2020), https://perma.cc/9GHL-WD9A.
- 37Geoff Bennett, Subsea Cable Capacity: Where Do We Go Next?, Submarine Telecoms F. (Sept. 21, 2020), https://perma.cc/8P7K-NKJ3.
- 38Submarine Cable System Market Worth $22.0 Billion by 2025, PR Newswire (Feb. 27, 2020), https://perma.cc/7QTT-LM33.
- 39MacAskill et al., supra note 11.
- 40David E. Sanger & Eric Schmitt, Russian Ships Near Data Cables Are Too Close for U.S. Comfort, N.Y. Times (Oct. 25, 2015), https://perma.cc/WM9H-G9C6.
- 41Xavier Vavasseur, Russia’s Pacific Fleet to Get 15 New Vessels in 2020, Naval News (May 29, 2020), https://perma.cc/39VS-4HZD.
- 42Garrett Hinck, Evaluating the Russian Threat to Undersea Cables, Lawfare (Mar. 5, 2018), https://perma.cc/5RRD-PSX2.
- 43Agence-France Presse, Pacific Data Cable Not Safe from China if Hong Kong Included, Says US, The Guardian (June 17, 2020), https://perma.cc/HWY2-BLAB.
- 44Mark Harris, Google and Facebook Turn Their Backs on Undersea Cable to China, TechCrunch (Feb. 6, 2020), https://perma.cc/D3YQ-55H8.
- 45David E. Sanger & Steven Lee Myers, After a Hiatus, China Accelerates Cyberspying Efforts to Obtain U.S. Technology, N.Y. Times (Nov. 29, 2018), https://perma.cc/KB46-K7SG.
- 46Id.
- 47Jim Newell, Thousands Gather in Washington for Anti-NSA ‘Stop Watching Us’ Rally, The Guardian (Oct. 26, 2013), https://perma.cc/VWF5-AFSN.
- 48The Right to Privacy in the Digital Age, U.N. Hum. Rts. Off. High Comm’r, https://perma.cc/PH43-KGJY.
- 49For attempts to solve this problem and a description of the technical requirements involved, see Lijuan Zhao et al., On-Line Monitoring System of 110 kV Submarine Cable Based on BOTDR, 216 Sensors & Actuators 28 (2014); Ye Yincan et al., Submarine Cable Project Management and Maintenance Monitoring Information System, in Submarine Optical Cable Engineering 259 (Ye Yincan, Jiang Xinmin, Pan Guofu, Jiang Wei eds., 2018).
- 50Could Russia Cut Undersea Communication Cables?, BBC (Dec. 15, 2017), https://perma.cc/XX95-7X7M.
- 51Adam Satariano, How the Internet Travels Across Oceans¸ N.Y. Times (Mar. 10, 2019), https://perma.cc/KVR3-WD5N.
- 52For example, the first submarine cable crossing the English Channel was cut by a fisherman who thought he discovered a new species of seaweed. Eric Wagner, Submarine Cables and Protections Provided by the Law of the Sea, 19 Marine Policy 127, 128 (1995).
- 53Convention for the Protection of Submarine Telegraph Cables, Mar. 14, 1884 [hereinafter 1884 Convention].
- 54Id. art. II (“It is a punishable offence to break or injure a submarine cable, willfully or by culpable negligence, in such manner as might interrupt or obstruct telegraphic communication, either wholly or partially, such punishment being without prejudice to any civil action for damages.”).
- 55Id. art. XII (“The High Contracting Parties engage to take or to propose to their respective legislatures the necessary measures for insuring the execution of the present Convention, and especially for punishing, by either fine or imprisonment, or both, those who contravene the provisions of Articles II, V and VI.”).
- 56Id. art. 17.
- 5747 USC § 21 et seq.
- 58Wagner, supra note 52, at 135.
- 591884 Convention, supra note 53, art. II.
- 60See id. arts. II, IV, VII; see also Douglas Burnett, Tara Davenport & Robert Beckman, Overview of the International Legal Regime, in Submarine Cables: The Handbook of Law and Policy 63, 71–72 (Douglas R. Burnett, Robert C. Beckman & Tara M. Davenport eds., 2014).
- 61Convention on the High Seas, Apr. 29, 1958, 450 U.N.T.S. 82.
- 62Id. art. II.
- 63Id. art. XXVI.
- 64Id.
- 65United Nations Convention on the Law of the Sea, Dec. 10, 1982, 1833 U.N.T.S. 397 [hereinafter referred to as UNCLOS].
- 66UNCLOS, Int’l Union for Conservation of Nature, https://perma.cc/K8ZT-2UXV.For more information on the development of UNCLOS, see generally Myron H. Nordquist, et al., UNCLOS 1982 Commentary (Myron H Nordquist et al. eds., 2012).
- 67UNCLOS, supra note 65, art. II.
- 68Id. art. XXI; Burnett et al., supra note 60, at 76.
- 69Robert Beckman, Protecting Submarine Cables from Intentional Damage, in Submarine Cables: The Handbook of Law and Policy 281, 287 (Douglas R. Burnett, Robert C. Beckman & Tara M. Davenport eds., 2014).
- 70Id at 287.
- 71UNCLOS, supra note 65, art. LVII.
- 72Id.. See generally Kenneth W. Swenson, A Stitch in Time: The Continental Shelf, Environmental Ethics, and Federalism, 60 S. Cal. L. Rev. 851 (1987).
- 73UNCLOS, supra note 65, art. LVI.
- 74Id. art. LVIII.
- 75Id. art. LXXXVIII.
- 76See id. art. LXXIX (referring to the “laying or maintenance” of submarine cables and “repairing” existing cables.”); see also Burnett et al., supra note 60, at 81.
- 77UNCLOS, supra note 65, art. LVIII.
- 78Id. art. LXIII.
- 79Beckman, supra note 69, at 288.
- 80Id.
- 81Zone to Protect Perth Submarine Cables, Australian Comm’n & Media Auth., https://perma.cc/R6RS-Q6G3.
- 82Beckman, supra note 69, at 288.
- 83UNCLOS, supra note 65, art. LXXXVI.
- 84Id. art. LXXXIX (“No state may validly purport to subject any part of the high seas to its sovereignty.”).
- 85Id. art. LXXXVIII..
- 86Id. art. CXII..
- 87Id. art. LXXXVII.
- 88UNCLOS, supra note 65, art. CXIII.
- 89Beckman, supra note 69, at 288; see also Wagner, supra note 52, at 135.
- 90UNCLOS, supra note 65, art. CCLXXXVII. See generally Tullio Treves, Human Rights and the Law of the Sea, 28 Berkeley J. Int’l. L. 1 (2010).
- 91UNCLOS, supra note 65, art. CCLXXXVII.
- 92Id. art. CCXCV.
- 93Id. art. CCLXXXVIII.
- 94List of Cases, International Tribunal for the Law of the Sea, https://perma.cc/ZW45-Y548.
- 95For example, ITLOS adjudicated the maritime boundary between Mauritius and Maldives in the Indian Ocean. See Dispute Concerning Delimitation of the Maritime Boundary Between Mauritius and Maldives in the Indian Ocean (Mauritius v. Maldives), Case No. 28, Special Agreement and Notification of 24 September 2019. In another case, ITLOS provided an advisory opinion for the minimum access conditions and exploitation of fishery resources for the Sub-Regional Fisheries Commission. See Request for Advisory Opinion Submitted by the Sub-Regional Fisheries Commission, Advisory Opinion, 2 April 2015, ITLOS Reports 2015, Case No. 21.
- 96Convention on Cybercrime, Nov. 23, 2001, E.T.S. No. 185.
- 97Amalie M. Weber, The Council of Europe’s Convention on Cybercrime, 18 Berkeley Tech. L.J. 425, 426–30 (2003).
- 98Id. at 428–30.
- 99NATO Cooperative Cyber Def. Ctr. of Excellence, Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations (Michael N. Schmitt ed., 2d ed. 2017) [hereinafter Tallinn Manual].
- 100Id. at 2.
- 101Id. at 4.
- 102Id. at 51.
- 103Id. at 257.
- 104Id. at 233 (“In particular, employing a submarine or unmanned underwater vehicle to tap in territorial or archipelagic waters is inconsistent with the navigational regime of innocent passage as submarines are required to transit on the surface.”)
- 105Id. at 257.
- 106See Oliver J. Lissitzyn & Charles H. Stockton, Electronic Reconnaissance From the High Seas and International Law, 22 Naval War Coll. Rev. 26, 28 (1970).
- 107See, e.g., Roger D. Scott, Territorially Intrusive Intelligence Collection and International Law, 46 A.F. L. Rev. 217, 219 (1999). See also Davenport, supra note 29, at 105.
- 108Tallinn Manual, supra note 99 at 257. But see Davenport, supra note 29, at 105 (“Whether UNCLOS can be used to address the mass surveillance carried out through the tapping of undersea cables is not entirely clear . . . Such surveillance does not fall within conventional perceptions of military activities/intelligence gathering at sea, which as mentioned above, is targeted, and aims at enhancing knowledge of the marine environment and/or the military capabilities of other State’s navies.”).
- 109Tallinn Manual, supra note 99, at 169.
- 110Id. at 170.
- 111Id. at 257.
- 112Id.
- 113For example, a cable fault in the Pacific in 2007 cost $8 million to repair the cable. Michael Matis, The Protection of Undersea Cables: A Global Security Threat, U.S. Army War College (2012), https://perma.cc/34Y8-VLX3.
- 114The Economic Impact of Submarine Cable Outages Can Still be Enormous, SubCable World (Aug. 21, 2017), https://perma.cc/TF2F-QQ7R.
- 115Tallinn Manual, supra note 99, at 170.
- 116Universal Declaration of Human Rights, Dec. 12, 1948, G.A. Res. 217A, U.N. Doc. A/810 art. 12; International Covenant on Civil and Political Rights, Dec. 16, 1966, S. Exec. Rep. 102-23, 999 U.N.T.S. 171. art. 17 [hereinafter ICCPR]; Convention on the Rights of the Child, 20 Nov. 1989, 1577 U.N.T.S. 3 art. 16; Convention on the Rights of Persons with Disabilities, 3 May 2008, 2515 U.N.T.S. 3 art. 22; International Convention on the Protection of the Rights of All Migrant Workers and Members of Their Families, 18 December 1990, 2220 U.N.T.S. 39481 art. 14.
- 117Universal Declaration of Human Rights, supra note 116, art. 12.
- 118ICCPR, supra note 116, art. 17.
- 119Francesca Bignami, Human Rights Extraterritoriality: The Right to Privacy and National Security Surveillance, GWU Law School Public Law Research Paper No. 2017-67 (2017).
- 120See, e.g., G.A. Res. 71/199, The Right to Privacy in the Digital Age (Dec. 19, 2016).
- 121Ashley Deeks, An International Legal Framework for Surveillance, 55 Va. J. Int’l L. 291, 311 (2015).
- 122Bignami, supra note 119, at 4.
- 123Hum. Rts. Comm., General Comment no. 31, Nature of the General Legal Obligation on State Parties to the Covenant, ¶ 10, U.N. Doc. CCPR/C/21/Rev.1/Add.13 (May 26, 2004).
- 124Kristian P. Humble, International Law, Surveillance and the Protection of Privacy, Int’l J. Hum. Rts. (2020) 1, 5.
- 125Bignami, supra note 119, at 5.
- 126Humble, supra note 124, at 13.
- 127Stephen J. Schulhofer, An International Right to Privacy? Be Careful What You Wish for, 14 Int’l J. Const. L. 238 (2016).
- 128Asaf Lubin, We Only Spy on Foreigners: The Myth of a Universal Right to Privacy and the Practice of Foreign Mass Surveillance, 18 Chi. J. Int’l L. 502 (2018).
- 129Ronald J. Krotoszynski, Autonomy, Community, and Traditions of Liberty: The Contrast of British and American Privacy Law, 39 Duke L.J. 1398, 1401–02 (1990) (where privacy is defined as “a realm of individual autonomy in recognized and accepted social contexts” that is “defined in relation to a particular society at a particular point in time”).
- 130Beth Van Schaack, The United States’ Position on the Extraterritorial Application of Human Rights Obligations: Now Is the Time for Change, 90 Int’l L. Stud. Ser. US Naval War Col. 20, 32 (2014).
- 131Id. at 31–52.
- 13210 Human Rights Organisations v. United Kingdom¸ Privacy International (July 10, 2019), https://perma.cc/L3YH-VDZX.
- 133Cynthia O’Donoghue & Nona Keyhani, ECtHR Rules on UK Mass Surveillance Under RIPA¸ Reed Smith Technology Law Dispatch (Oct. 25, 2018), https://perma.cc/7EXY-UCLJ.
- 13410 Human Rights Organisations v. United Kingdom, supra note 132.
- 135PI’s Statement on the ECtHR Decision in Privacy International v. UK, Privacy International (Sept. 3, 2020), https://perma.cc/PPD9-NZ2D.
- 136Natasha Lomas, Europe’s Top Court Confirms no Mass Surveillance Without Limits, TechCrunch (Oct. 6, 2020), https://perma.cc/4L9U-U4Y6.
- 137Id.
- 138Joel R. Reidenberg, Resolving Conflicting International Data Privacy Rules in Cyberspace, 52 Stanford L. Rev. 1315 (2000).
- 139Davenport, supra note 29, at 106.
- 140Tallinn Manual, supra note 99, at 257.
- 141Davenport, supra note 29, at 106 (“Within the EEZ, the discussion above on the controversy surrounding the legality of intelligence gathering activities would also apply—the bottom line is that there is no clear prohibition against the physical tapping of fiber optic cables in the EEZ to be found in UNCLOS.”); Tallinn Manual, supra note 99, at 257 (minding “prejudice to the application of other international legal norms,” cable tapping is not per se illegal on the high seas).
- 142Tallinn Manual, supra note 99, at 257.
- 143Scott Coffen-Smout & Glen J. Herbert, Submarine Cables: A Challenge for Ocean Management¸ 24 Marine Pol’y 441, 444 (2000).
- 144See G.A. Res. 66/231, ⁋ 12 (Apr. 5, 2012); G.A. Res. 67/78, ⁋ 131 (Dec. 11, 2012).
- 145Coffe-Smout & Herbert, supra note 143, at 444.
- 146Tara Davenport, Submarine Communications Cables and Law of the Sea: Problems in Law and Practice, 43 Ocean Dev. & Int’l L. 201 (2012).
- 147Robert Wargo & Tara Davenport, Protecting Submarine Cables from Competing Uses, in Submarine Cables: The Handbook of Law and Policy 255, 263 (eds. Douglas R. Burnett, Robert C. Beckman & Tara M. Davenport) (2014).
- 148Davenport, supra note 29, at 84, 106.
- 149Zoe Scanlon, Addressing the Pitfalls of Exclusive Flag State Jurisdiction: Improving the Legal Regime for the Protection of Submarine Cables, 48 J. Mar. L. & Com. 295, 299 (2017).
- 150Davenport, supra note 29, at 84, 106; see also Nadia Schadlow & Brayden Helwig, Protecting Undersea Cables Must be Made a National Security Priority, Def. News (July 1, 2020), https://perma.cc/BP65-LGX4.
- 151Wargo & Davenport, supra note 147, at 256.
- 152Griffiths, supra note 16.
- 153Tallinn Manual, supra note 99, at 257; see also, Davenport, supra note 29.
- 154UNCLOS, supra note 65, Annex VI, art. XXI. See generally Treves, supra note 90.
- 155UNCLOS, supra note 65, art. CXIII. While fiber optic cables are not strictly telephonic, they are generally presumed to fall under Article 113.
- 156For discussion of the general jurisdictional requirements of ITLOS, see generally Treves, supra note 90.
- 157UNCLOS, supra note 65, art. CXII.
- 158Id. art. CCLXXXVIII.
- 159John E. Noyes, The International Tribunal for the Law of the Sea, 32 Cornell Int’l L. J. 109, 133 (1999).
- 160Anna Petrig & Marta Bo, The Internatjonal Tribunal for the Law of the Sea and Human Rights, in Human Rights Norms in ‘Other’ International Courts 353, 386 (Martin Scheinin ed., 2019).
- 161Id. at 386–91.
- 162UNCLOS, supra note 65, art. CCLXXXXV.
- 163Coffen-Smout & Herbert, supra note 143, at 444.
- 164Id.; Davenport, supra note 29, at 84.
- 165There is some question as to whether weak enforcement regimes, as in Australia or the United States, would be sufficient to evade ITLOS jurisdiction. States, however, can likely still obtain jurisdiction over this question.
- 166Davenport, supra note 29, at 106.
- 167Id. at 84, 106.
- 168Matis, supra note 113.
- 169The Economic Impact of Submarine Cable Outages Can Still Be Enormous, supra note 114.
- 170UNCLOS, supra note 65, art. CXIII.
- 171M/V Saiga (No. 2) (St. Vincent v. Guinea), Case No. 2, Memorial of St. Vincent of June 19, 1998, 2 ITLOS Rep. 13, ¶ 95.
- 172Guyana v. Suriname, 47 I.L.M. 166, ¶ 405 (Perm. Ct. Arb. 2007).
- 173UNCLOS, supra note 65, art. CCLXXXXIII.
- 174Suriname, 47 I.L.M. 166.
- 175Chao Zhang, Russian Absence at the Arctic Sunrise Case: A Comparison with the Chinese Position in the South China Sea Arbitration, 8 J. E. Asia & Int’l L. 413, 414 (2015).
- 176UNCLOS, supra note 65, art. CCLXXXXIII; Noyes, supra note 159, at 124.
- 177Mark Harris, How US National Security Agencies Hold the Internet Hostage, TechCrunch (July 18, 2019), https://perma.cc/J4UV-HNNM.
- 17810 Human Rights Organisations v. United Kingdom, supra note 132.
- 179Lomas, supra note 136.
- 180Melissa Eddy, Right to Privacy Extends to Foreign Internet Users, German Court Rules, N.Y. Times (May 19, 2020), https://perma.cc/GVU4-X7L5.
- 181Frederic Gilles Sourgens, The Privacy Principle, 42 Yale J. Int’l L. 345, 354 (2017); see also Legal Consequences of the Construction of a Wall in the Occupied Palestinian Territory, Advisory Opinion, 2004 I.C.J. 136 (July 9).
- 182United States Diplomatic and Consular Staff in Tehran (U.S. v. Iran), Judgment, 1980 I.C.J. 3, 35 (May 24) (finding expulsion of the spying diplomat was the proper remedy); Libananco Holdings Co. Limited v. Republic of Turkey, ICSID Case No. ARB/06/8, Decision on Preliminary Issues, 1 43 (June 23, 2008) (finding states can intercept communications as part of lawful criminal investigations).
- 183Van Schaack, supra note 130, at 32.
- 184See generally Petrig & Bo, supra note 160.
- 185M/V Saiga (No.2) (St. Vincent v. Guinea), Judgment of July 1, 1999, ITLOS Rep., 10.
- 186Id. ⁋ 15; see also Treves, supra note 90, at 5.
- 187Petrig & Bo, supra note 160, at 382–85, 386–91.
- 188Id. at 391.
- 189See generally Francesca Delfino, ‘Considerations of Humanity’ in the Jurisprudence of ITLOS and UNCLOS Arbitral Tribunals, in Interpretations of the United Nations Convention on the Law of the Sea by International Courts and Tribunals 421 (Angela Del Vecchio & Roberto Virzo eds., 2019).
- 190Petrig & Bo, supra note 160, at 380.
- 191See Davenport, supra note 29, at 84; Scanlon, supra note 149, at 299–301.
- 192Tallinn Manual, supra note 99, at 170.
- 193Will Schrepferman, Hypocri-Sea: The United States’ Failure to Join the UN Convention on the Law of the Sea, Harv Int’l R. (Oct. 31, 2019), https://perma.cc/DG73-SR5A.
- 194Id.
- 195Noyes, supra note 159, at 154.
- 196Craig H. Allen, ITLOS Orders Russia to Release ARCTIC SUNRISE and Its Greenpeace Protestors, OpinioJuris (Nov. 25, 2013), https://perma.cc/RZ7S-SQPT.
- 197Bignami, supra note 119, at 5.
- 198Winston Qiu, Complete List of Google’s Subsea Cable Investments, Submarine Cable Networks (July 9, 2019), https://perma.cc/3KL8-T4PK.
- 199Many corporations form cable cooperatives to share repair and installation costs. See, for example, the Atlantic Cable Maintenance & Repair Agreement. About, ACMA, https://perma.cc/DXF6-NPFM.
- 200Noyes, supra note 159, at 132.
- 201See, generally Rebecca Crootof, International Cybertorts: Expanding State Accountability in Cyberspace, 103 Cornell L. Rev. 565 (2018).
- 202See generally Samantha N. Sergent, Extinguishing the Firewall: Addressing the Jurisdictional Challenges to Bringing the Cyber Tort Suits Against Foreign Sovereigns, 72 Vand. L. Rev. 391 (2019).